/*
* Copyright (c) 2001-2007 Sun Microsystems, Inc. All rights reserved.
*
* The Sun Project JXTA(TM) Software License
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* 3. The end-user documentation included with the redistribution, if any, must
* include the following acknowledgment: "This product includes software
* developed by Sun Microsystems, Inc. for JXTA(TM) technology."
* Alternately, this acknowledgment may appear in the software itself, if
* and wherever such third-party acknowledgments normally appear.
*
* 4. The names "Sun", "Sun Microsystems, Inc.", "JXTA" and "Project JXTA" must
* not be used to endorse or promote products derived from this software
* without prior written permission. For written permission, please contact
* Project JXTA at http://www.jxta.org.
*
* 5. Products derived from this software may not be called "JXTA", nor may
* "JXTA" appear in their name, without prior written permission of Sun.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES,
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
* FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL SUN
* MICROSYSTEMS OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
* OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
* EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* JXTA is a registered trademark of Sun Microsystems, Inc. in the United
* States and other countries.
*
* Please see the license information page at :
* <http://www.jxta.org/project/www/license.html> for instructions on use of
* the license in source files.
*
* ====================================================================
*
* This software consists of voluntary contributions made by many individuals
* on behalf of Project JXTA. For more information on Project JXTA, please see
* http://www.jxta.org.
*
* This license is based on the BSD license adopted by the Apache Foundation.
*/
package net.jxta.impl.membership.pse;
import net.jxta.impl.util.BASE64InputStream;
import net.jxta.impl.util.BASE64OutputStream;
import net.jxta.logging.Logging;
import org.bouncycastle.asn1.x509.X509NameTokenizer;
import org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.jce.X509Principal;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.x509.X509V3CertificateGenerator;
import javax.crypto.Cipher;
import javax.crypto.EncryptedPrivateKeyInfo;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;
import javax.security.auth.x500.X500Principal;
import java.io.BufferedReader;
import java.io.BufferedWriter;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.Reader;
import java.io.StringReader;
import java.io.StringWriter;
import java.math.BigInteger;
import java.security.AlgorithmParameters;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.Security;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.KeySpec;
import java.util.Calendar;
import java.util.Date;
import java.util.Hashtable;
import java.util.logging.Level;
import java.util.logging.Logger;
/**
 * Overridden copy of the upstream class, to work around a classloader problem.
 * @since 2007-11-
 */
public final class PSEUtils {
/**
 * Logger for this class. ({@code transient} has no effect on a static field,
 * since statics are never serialized; kept as found.)
 */
private static final transient Logger LOG = Logger.getLogger(PSEUtils.class.getName());
/**
 * Singleton instance. Constructing it registers the Bouncy Castle provider
 * (see the constructor), so this field must stay declared after {@link #LOG},
 * which the constructor writes to.
 */
private static final PSEUtils UTILS = new PSEUtils();
/**
 * A SecureRandom for generating keys. Package-private; used by
 * {@code genCert(String, IssuerInfo)} both for the random OU attribute of the
 * subject DN and for RSA keypair generation.
 */
final transient SecureRandom srng = new SecureRandom();
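/**
 * Singleton utility class.
 *
 * <p>Constructing the singleton registers the Bouncy Castle provider with
 * {@link Security}. {@code Security.addProvider} returns {@code -1} when a
 * provider of the same name is already installed; that case is logged rather
 * than treated as a failure, so it is harmless if the provider was registered
 * earlier by other code.
 *
 * <p>If registration throws (for example a {@link SecurityException} from an
 * installed security manager), the warning is logged and the registration is
 * attempted once more. A second failure propagates out of the static
 * initializer of {@code UTILS}; this is deliberate, since nothing else in this
 * class can work without the provider.
 */
private PSEUtils() {
    try {
        registerProvider("system");
    } catch (Exception disallowed) {
        if (Logging.SHOW_WARNING && LOG.isLoggable(Level.WARNING)) {
            LOG.log(Level.WARNING,
                    "Failed loading Security Providers into System Class Loader. Will try local class loader (which may not work)",
                    disallowed);
        }
        // Retry with a freshly constructed provider instance. This is the same
        // call as in the try block; there is no separate "local" mechanism,
        // the label only distinguishes the two attempts in the log.
        registerProvider("local");
    }
}

/**
 * Installs a fresh {@link BouncyCastleProvider} at the lowest precedence.
 *
 * @param where label for the log message ("system" or "local").
 * @throws SecurityException if a security manager refuses the registration.
 */
private static void registerProvider(String where) {
    // addProvider returns the preference position, or -1 if a provider with
    // the same name is already installed.
    int position = Security.addProvider(new BouncyCastleProvider());
    if (Logging.SHOW_INFO && LOG.isLoggable(Level.INFO)) {
        if (position < 0) {
            LOG.info("Security Provider already installed; not re-registering");
        } else {
            LOG.info("Loaded Security Providers into " + where + " class loader");
        }
    }
}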
/**
 * Issuer Information
 *
 * <p>Mutable holder for the result of {@code genCert}: the generated
 * certificate and its private key, plus the issuer's certificate and private
 * key. All fields are public and writable, and the {@link PrivateKey}
 * objects are unprotected key material, so instances should not be logged,
 * serialized or kept around longer than needed.
 */
public static class IssuerInfo {
    public X509Certificate cert; // subject Cert
    public PrivateKey subjectPkey; // subject private key (used as the signer when this info issues another cert)
    public X509Certificate issuer; // issuer Cert
    public PrivateKey issuerPkey; // issuer private key
}
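/**
 * Generate a Cert
 *
 * <p>Builds a subject DN from {@code cn} (suffixed with {@code "-CA"} for a
 * self-signed root cert), a fixed O of {@code "www.jxta.org"} and a random OU,
 * generates a fresh RSA keypair and delegates to
 * {@link #genCert(X500Principal, KeyPair, IssuerInfo)}.
 *
 * @param cn subject cn for the certificate; must not be {@code null}.
 * @param issuerinfo the cert issuer or null if self-signed root cert.
 * @return the details of the generated cert.
 * @throws SecurityException if the cert could not be generated.
 * @throws NullPointerException if {@code cn} is {@code null}.
 */
public static IssuerInfo genCert(String cn, IssuerInfo issuerinfo) throws SecurityException {
    if (null == cn) {
        throw new NullPointerException("cn");
    }
    // NOTE(review): 1024-bit RSA is below current minimum recommendations
    // (2048 bits or more). Left at 1024 here because other parts of the PSE
    // may depend on the key and signature size; raise it together with them.
    final int rsaKeyBits = 1024;
    try {
        final boolean selfSigned = (null == issuerinfo);
        if (Logging.SHOW_FINE && LOG.isLoggable(Level.FINE)) {
            LOG.fine(selfSigned ? "Generating Self Signed Cert ..." : "Generating Client Cert ...");
        }
        // A self-signed root cert gets a "-CA" suffix on its CN unless already present.
        String useCN = (selfSigned && !cn.endsWith("-CA")) ? cn + "-CA" : cn;
        // set name attribute
        Hashtable<DERObjectIdentifier, String> attrs = new Hashtable<DERObjectIdentifier, String>();
        attrs.put(X509Principal.CN, useCN);
        attrs.put(X509Principal.O, "www.jxta.org");
        // XXX bondolo 20040405 wouldn't SN or UID be a better choice?
        // set ou to 10 random bytes, hex-encoded by toHexDigits
        byte[] ou = new byte[10];
        UTILS.srng.nextBytes(ou);
        attrs.put(X509Principal.OU, toHexDigits(ou));
        X509Principal subject = new X509Principal(attrs);
        X500Principal samesubject = new X500Principal(subject.getEncoded());
        // Key generation is seeded from the shared SecureRandom, not the default.
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(rsaKeyBits, UTILS.srng);
        KeyPair keypair = g.generateKeyPair();
        return genCert(samesubject, keypair, issuerinfo);
    } catch (NoSuchAlgorithmException e) {
        if (Logging.SHOW_SEVERE && LOG.isLoggable(Level.SEVERE)) {
            LOG.log(Level.SEVERE, "Could not generate certificate", e);
        }
        // Preserve the cause so the missing-algorithm detail is not lost.
        SecurityException failure = new SecurityException("Could not generate certificate");
        failure.initCause(e);
        throw failure;
    }
}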
/**
* Generate a Cert given a keypair
*
* @param subject subjectDN for the certificate
* @param keypair the keypair to use.
* @param issuerinfo the cert issuer or null if self-signed root cert.
* @return the details of the generated cert.
* @throws SecurityException if the cert could not be generated.
*/
public static IssuerInfo genCert(X500Principal subject, KeyPair keypair, IssuerInfo issuerinfo) throws SecurityException {
try {
// set up issuer
PrivateKey signer;
X509Principal issuer;
if (null == issuerinfo) { // self-signed root cert
signer = keypair.getPrivate();
issuer = new X509Principal(subject.getEncoded());
} else { // issuer signed service sert
signer = issuerinfo.subjectPkey;
X500Principal issuer_subject = issuerinfo.cert.getSubjectX500Principal();
issuer = new X509Principal(issuer_subject.getEncoded());
}
// set validity 10 years from today
Date today = new Date();
Calendar cal = Calendar.getInstance();
cal.setTime(today);
cal.add(Calendar.YEAR, 10);
Date until = cal.getTime();
// generate cert
X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
certGen.setIssuerDN(issuer);
certGen.setSubjectDN(new X509Principal(subject.getEncoded()));
certGen.setNotBefore(today);
certGen.setNotAfter(until);
certGen.setPublicKey(keypair.getPublic());